January 13, 2016
Sensitive non-classified data on the US nuclear agency’s network is vulnerable because contracts do not make it clear who is responsible for cyber security, a federal watchdog has warned.
Although the security operations centre (Soc) of the Nuclear Regulatory Commission (NRC) meets operational security requirements, auditors found that Soc capabilities could be improved through better definition of contractual requirements.
The NRC’s Soc is responsible for securing the agency’s network infrastructure and monitoring the network for suspicious activity.
The audit report by the NRC’s inspector general’s office, which did not cover classified systems, said Soc co-ordination with other NRC stakeholders could benefit from a clearer definition of organisational roles and responsibilities.